Trust & Privacy

Almost all tournament data — players, teams, fixtures, scores, standings, playoff brackets and audit history — is stored locally in your browser (localStorage). It never leaves your device unless you export it yourself (CSV / PDF / JSON).

On our backend we store only: anonymous usage analytics (a random visitor ID, device type, browser, traffic source, page visits and session duration), feedback you choose to submit, admin accounts and roles, and platform settings.

We use a single random identifier kept in your browser's localStorage to measure unique visits and sessions. We do not use third-party advertising cookies or cross-site trackers. You can clear this at any time via your browser's site-data controls.

The admin area is protected by email/password sign-in. Admin permissions are stored in a dedicated server-side roles table — never on the user profile — and are checked server-side on every privileged request.

Database access is governed by row-level security. Analytics tables are write-only from the client; only admins can read them.

The app is built on Lovable and uses Lovable Cloud (managed Supabase) for backend storage, authentication, and serverless functions. Data in transit is protected by HTTPS/TLS. Describing this platform is factual — it is not a Lovable-issued certification.

Because most tournament data lives in your browser, you can erase it instantly by clearing site data or using the in-app reset controls. For any analytics or feedback we hold server-side that relates to you, you can request access or deletion using the contact below.

If you believe you have found a vulnerability, please report it privately via the contact email below before disclosing publicly. We aim to acknowledge reports promptly and work with you on a fix.

For privacy questions, data requests, or security reports, please use the in-app feedback widget or reach out via the contact details published by the app owner. The team will route privacy and security messages appropriately.